Google refutes Microsoft's Android malware claims
Search giant and security experts have dismissed claims that hijacked Android phones have sent out malware.


Google has denied Microsoft claims that its Android operating system has been compromised by malware, resulting in phones being corralled into a botnet by hackers.
Earlier in the week, Microsoft engineer Terry Zink claimed compromised Android devices were part of an international botnet used to push out spam.
In a statement released today, Google said it had found no evidence to support Zink's claims.
"Our analysis suggests that spammers are using infected computers and a fake mobile signature to try to bypass anti-spam mechanisms in the email platform they're using," said a Google spokesman.
An investigation by the search giant suggested junk emails originated on PCs but spammers formatted them to look like they were sent from Android smartphones.
It said the method was used to give the messages a better chance of defeating spam filters.
Other security researchers had backed Zink's view, before backtracking later.
"So one of two things is happening here. We either have a new PC botnet that is exploiting Yahoo's Android APIs or we have mobile phones with some sort of malware that uses the Yahoo APIs for sending spam messages," said Chester Wisniewski of security software vendor Sophos.
He added that one of the interesting data points supporting the argument that this is new Android malware is the unusually large number of originating IPs on mobile networks.
Mobile security company Lookout also cast doubt on Zink's claim. The firm's CTO and co-founder, Kevin Mahaffey, said insecure Android applications were most likely to blame.
"In order for the botnet explanation to be valid, each of the originating devices would have to be infected with mobile malware," he said.
"While this is certainly a possibility (and one that we can't refute), there is another explanation that we believe is significantly more likely," he said.
Regardless of how this spam campaign works, it was clear from initial reports that the Yahoo Mail Android app may play a key role, he added.
"After taking a detailed look at the app, we've found a number of issues that have potentially broader implications for all Android users of Yahoo Mail," he said.
Mahaffey confirmed he had been in contact with Yahoo about vulnerabilities in the app and said the search firm's mobile team was "actively working on these issues."
Rene Millman is a freelance writer and broadcaster who covers cybersecurity, AI, IoT, and the cloud. He also works as a contributing analyst at GigaOm and has previously worked as an analyst for Gartner covering the infrastructure market. He has made numerous television appearances to give his views and expertise on technology trends and companies that affect and shape our lives. You can follow Rene Millman on Twitter.